4 Oracle Security Engine

This chapter provides information about using the Oracle Security Engine Software Development Kit (SDK) certificate package. Oracle Security Engine is a superset of Oracle Crypto. It contains all of the libraries and tools provided with Oracle Crypto, plus additional packages and utilities for generating digital certificates.

Note:

The use of the Oracle Security Engine library is not recommended beginning with Oracle AS 11gR1. Instead use the JDK's Certificate APIs.

4.2 Setting Up Your Oracle Security Engine Environment

The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information for setting up your environment for Oracle Security Engine. It contains the following topics:

4.3 Core Classes and Interfaces

This section provides information and code samples for using the certificate facility classes of Oracle Security Engine. Oracle Security Engine also includes all of the classes provided with Oracle Crypto. See Chapter 3, "Oracle Crypto" for an overview of the core Oracle Crypto classes.

Class Changes in OracleAS 11gR1

In OracleAS 11gR1, the oracle.security.crypto.cert.X509 class for certificate management has been replaced with java.security.cert.X509Certificate

4.3.1 The oracle.security.crypto.cert.X500RDN Class

This class represents an X.500 Relative Distinguished Name (RDN). This is the building block for X.500 names. A RDN consists of a set of attribute-value pairs. Typically, there is a single attribute-value pair in each RDN.

4.3.2 The oracle.security.crypto.cert.X500Name Class

This class represents distinguished names as used in the X.500 series of specifications, defined in X.520. An X500Name object is made of X500RDN objects. An X500Name holds attributes defining an entity such as the common name, country, organization, and so on.

To create an X500Name object, use the standard constructor and then populate the object with attributes. Once created, the object can then be DER-encoded to make it available to other processes:

4.3.3 The oracle.security.crypto.cert.CertificateRequest Class

This class represents a PKCS#10 certificate request containing information about an entity and a signature of the content of the request. The certificate request is used to convey information and authentication data (the signature) that will be used by a Certificate Authority (CA) to generate a certificate for the corresponding entity.

Creating a new certificate request involves the following high-level steps:

Create a new instance of CertificateRequest by using the empty constructor and setting the keys and the subject name, or by using the constructor taking an X500Name and a KeyPair object.